Security

Turning a Blind Eye to Cybercrime

Overwhelmed by recession and terrorism, governments are failing to take cybercrime seriously, a remarkably frank and wide-ranging report from McAfee has concluded.

According to the company's Virtual Criminology Report, compiled from the opinions of independent experts, such complacency has a number of symptoms, most seriously, the unwillingness to give crime fighting units enough resources, and an inability to forge the trans-national laws necessary to make pursuing criminals possible.

The end result is that cybercrime will have to be tackled at a time - during global recession - when its size could increase due to an unwillingness by governments, businesses and individuals to invest money in security.

Drawing on a range of esteemed experts from beyond McAfee's marketing department, this is no mere scaremongering report of the sort security companies have made a speciality of producing from time to time. Nor do the experts hold back from criticising IT's place in helping create some of the problems that have fed into making cybercrime feasible.

"The Achilles heel of the technology sector is the same vulnerability that has the financial services sector currently on its knees: a wealth of arrogance," says Mary Kirwan, a lawyer and former Canadian cybercrime prosecutor.

"Complexity is worshipped as an end in itself, and simplicity is scorned. There's no understanding of critical interdependencies, through lack of communication. We've a poor grasp of what glues the Frankenstein monster we've created together, and what can just as equally tear it all apart," she says.

The UK's place in all this is a story of confusion more than anything, especially in policing.

"From Spring 2009 we will have a Police Central e-crime Unit (PceU), but it has taken a long time and it is still very under-funded. The public is still likely to be very confused about where to report a cybercrime," Peter Sommer, Visiting Professor at the London School of Economics' Information Systems Integrity Group is quoted in the report as saying.

"There will also be three quangos devoted to fraud reporting and intelligence and with the City of London Police as the fraud lead. Elsewhere there will also be the Serious Fraud Office. All this is a recipe for inter-agency disputes. Overall, cybercrime has not been fashionable in Labour government circles, having lost out to terrorism and anti-social behaviour."

McAfee's definition of cybercrime goes beyond mere money-making and includes other less often discussed categories such as the sudden increase in cyber-hacking by governments on one another. Despite the use of electronic means to put pressure on smaller countries by larger ones, there is still no mechanism for making complaints about such actions let alone promoting sanctions against perpetrators, note the report's contributors.

So what, if anything, can be done about the problem? The report's recommendations include governments demanding better security design in order for products to meet procurement standards, global laws on disclosing data breaches, and tighter rules of the behaviour of ISPs.

"This is a huge problem. But you have to start somewhere," commented McAfee's Greg Day. "Cybercrime is not getting the attention it needs."

Subscribe to the Security Watch Newsletter

Comments